Active Directory Command Line Tools

This videos looks at 5 Active Directory command lines tools that can be used in scripts to speed up administration in your domain. Using these command line tools, the administrator can add, modify, delete and retrieve information about any object in Active Directory.DSAdd 0:47DSGet 04:34DSMod 05:32DSRM 06:31DSQuery 07:43This video will look at all the Command line tools shown above. Even thought each command line tool performs a different function, you will start to see that the parameters used in different tools are simplerDistinguished NameA lot of the commands ask for a parameter called distinguished name. The distinguished name uniquely identifies an object in Active Directory. The same way a full filename and path would identify a file on a hard disk. The Distinguished Name identifies the Active Directory object using the following syntax.CN Common NameOU Organizational Unit NameDC Domain ComponentAn example of a distinguished name is as followscn=Simth,cn=users,dc=ITFreeTraining,dc=localDSAddThe DSAdd command allows objects to be created in Active Directory. The parameter supported by the command are computer, contact, group, OU, user and quota.Examples:DSAdd user “cn=Simth,cn=users,dc=ITFreeTraining,dc=local” –fn John –ln Simth –pwd P@ssw0rd –mustchpwd yesDSAdd computer “cn=pc1,cn=computers,dc=ITFreeTraining,dc=local”DSAdd group “cn=GSales,ou=Users,ou=New York,dc=ITFreeTraining,dc=local” –scope gDSGetThis command gets information about an object in Active Directory. The command requires the type of object to be retrieve to be given. This can be computer, contact, group, OU, server, user, subnet, site, quote and partition. Following this is the Distinguished Name of the object. After this you need to indicate what information you want to retrieve, for example to retrieve the description for the object you would add -descExample:DSGet user “cn=John Doe,ou=Users,ou=New York,dc=ITFreeTraining,dc=local” –fn –ln -emailDSModDSMos allows individual attributes of Active Directory objects to be modified. This command support the following parameters computer, contact, group, OU, server, user, quote and partition.Example:dsmod user “cn=Simth,cn=users,dc=ITFreeTraining,dc=local” -pwd P@ssw0rd2 -mustchpwdDSRMThis command deletes and object in Active Directory. Unlike the other commands, the type of object does not need to be given in the command line. The command support additional parameters like –NoPrompt will remove the prompt asking you to procedure before deleting the object.Example:dsrm “OU=Testing,dc=ITFreeTraining,dc=local“ –subtree -cDSQueryThis command queries the Active Directory database for objects. It supports the following parameters computer, contact, group, ou, site, server, user, quote, partition and LDAP queries.Example:dsquery ou DC=ITFreeTraining,DC=LocalReferences“MCTS 70-640 Configuring Windows Server 2008 Active Directory” pg 88-89 DSAdd http://technet.microsoft.com/en-us/library/cc753708DSGet http://technet.microsoft.com/en-us/library/cc755162DSMod http://technet.microsoft.com/en-us/library/cc732406DSRM http://technet.microsoft.com/en-us/library/cc731865DSQuery http://technet.microsoft.com/en-us/library/cc732952